Denial of Service Vulnerability in Tidy by HTACG
CVE-2017-13692

7.5HIGH

Key Information:

Vendor: Htacg
Status: Tidy
Vendor: CVE Published:; 25 August 2017

What is CVE-2017-13692?

In Tidy version 5.5.31, a flaw in the IsURLCodePoint function within attrs.c renders the application vulnerable to denial of service attacks. Attackers can exploit this vulnerability by supplying an invalid ISALNUM argument, which can lead to a segmentation fault and cause the application to crash. This issue highlights the importance of robust input validation in applications that process HTML and underscores the necessity for timely updates and patches to maintain security.

References

https://github.com/htacg/tidy-html5/issues/588

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100506

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2017
Vulnerability Reserved
Aug 25, 2017

JSON

Htacg

What is CVE-2017-13692?

References

CVSS V3.1

Timeline